|
246371
|
8.8 |
HIGH
Network
|
libming
|
libming
|
libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20428
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246372
|
8.8 |
HIGH
Network
|
libming
|
libming
|
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20427
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246373
|
8.8 |
HIGH
Network
|
libming
|
libming
|
libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20426
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246374
|
8.8 |
HIGH
Network
|
libming
|
libming
|
libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20425
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246375
|
5.9 |
MEDIUM
Network
|
comsenz
|
discuzx
|
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
|
CWE-20
Improper Input Validation
|
CVE-2018-20424
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246376
|
8.1 |
HIGH
Network
|
comsenz
|
discuzx
|
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query st…
|
NVD-CWE-noinfo
|
CVE-2018-20423
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246377
|
8.1 |
HIGH
Network
|
comsenz
|
discuzx
|
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a p…
|
CWE-287
Improper Authentication
|
CVE-2018-20422
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246378
|
4.8 |
MEDIUM
Network
|
craftcms
|
craft_cms
|
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20418
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246379
|
7.5 |
HIGH
Network
|
ethereum
|
go_ethereum
|
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory locatio…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-20421
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246380
|
4.9 |
MEDIUM
Network
|
weberp
|
weberp
|
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ direct…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-20420
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|